Command injection in CLI command Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-070 Final 1 1 2022-11-01T00:00:00 Current version 2022-11-01T00:00:00 2022-11-01T00:00:00 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. None Execute unauthorized code or commands Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team. FortiTester 7.1.0 FortiTester 7.0.0 FortiTester 4.2.0 FortiTester 4.1.1 FortiTester 4.1.0 FortiTester 4.0.0 FortiTester 3.9.1 FortiTester 3.9.0 FortiTester 3.8.0 FortiTester 3.7.1 FortiTester 3.7.0 FortiTester 3.6.0 FortiTester 3.5.1 FortiTester 3.5.0 FortiTester 3.4.0 FortiTester 3.3.1 FortiTester 3.3.0 FortiTester 3.2.0 FortiTester 3.1.0 FortiTester 3.0.0 CVE-2022-33870 FortiTester-7.1.0 FortiTester-7.0.0 FortiTester-4.2.0 FortiTester-4.1.1 FortiTester-4.1.0 FortiTester-4.0.0 FortiTester-3.9.1 FortiTester-3.9.0 FortiTester-3.8.0 FortiTester-3.7.1 FortiTester-3.7.0 FortiTester-3.6.0 FortiTester-3.5.1 FortiTester-3.5.0 FortiTester-3.4.0 FortiTester-3.3.1 FortiTester-3.3.0 FortiTester-3.2.0 FortiTester-3.1.0 FortiTester-3.0.0 7.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-070 Command injection in CLI command Reference>